Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber-recovery. Show all posts

Are You Really Prepared for a Ransomware Attack?


With the continuous evolution and development in the IT industry, it still seems as if most IT environments are yet not adequately equipped against ransomware and remain oblivious to the importance of an efficient protection system. 

According to a recent IDC survey, conducted on more than 500 CIOs from more than 20 industries around the world, 46 percent of the respondents reported having witnessed at least one ransomware attack in the last three years. This indicates how ransomware has surpassed natural disaster, to become the main reason one needs to be skilled at handling large data restorations. Many years ago, disk system failure, which frequently required a complete restore from scratch, was the primary cause of such restores. 

However, situations changed with the introduction of RAID and Erasure Coding, which brought terrorism and natural disasters to the forefront. Nonetheless, unless you lived in a specific disaster-prone area, the likelihood that any one company would experience a natural disaster was actually fairly low. 

Is the Company Prepared for an Attack? 

May be not. 

The survey suggests that organizations who have had an experience of cyberattacks or data loss think highly of their ability to respond to such events in the future. In support of this notion, 85 percent of the respondents, on being asked about their security plans, claimed of having a cyber-recovery playbook for intrusion detection, prevention and response. 

While, it is to be taken into consideration that ransomware attacks are ever-evolving, with threat actors implementing a different tactics for the attacks. Thus, it is difficult to conclude that the current data resiliency tools would be highly efficient for all the future ransomware attacks. 

These tools however, should have one key objective in common. An efficient tool must be capable of recovering the breached data in a manner that the organization need not have to pay enormous ransom, while also making sure that the data is not lost. Since ransomware attacks are inevitable, data resiliency tool could at least ensure lesser damage from the attacks. 

Minimizing Attack Damage 

In order to detect a ransomware attack, to respond and to recover from it, one requires several crucial steps and tactics to be followed as given below.  

• IT infrastructure could be created in a way to limit the damage of an attack, for example, by forbidding the usage of new domains (preventing command and control) and restricting internal lateral movement (minimizing the ability of the malware to spread internally). However, after ransomware has hit you, you must employ numerous tools, many of which may be automated for greater efficiency. 

• Limiting lateral movement in order to halt the IP traffic all at once. If infected systems would not be able to communicate, no further damage would resultingly take place. Once the infected systems are identified and shut down, one can proceed with their disaster recovery phase of bringing infected systems online. Further, ensuring that the recovery systems are themselves not infected.